CVE-2024-41928

{"id": "CVE-2024-41928", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}]}, "published": "2024-09-05T04:15:06.947", "references": [{"url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc", "source": "secteam@freebsd.org"}, {"url": "https://security.netapp.com/advisory/ntap-20240920-0009/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "secteam@freebsd.org", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}, {"lang": "en", "value": "CWE-1285"}]}], "descriptions": [{"lang": "en", "value": "Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process."}, {"lang": "es", "value": "El software malintencionado que se ejecuta en una m\u00e1quina virtual invitada puede aprovechar el desbordamiento del b\u00fafer para lograr la ejecuci\u00f3n de c\u00f3digo en el host en el proceso de espacio de usuario bhyve, que normalmente se ejecuta como ra\u00edz. Tenga en cuenta que bhyve se ejecuta en un entorno aislado de Capsicum, por lo que el c\u00f3digo malintencionado est\u00e1 limitado por las capacidades disponibles para el proceso bhyve."}], "lastModified": "2024-11-21T09:33:17.773", "sourceIdentifier": "secteam@freebsd.org"}